2019-01-08
ALT-BU-2019-3421-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2018-07-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity: MEDIUM (5.4)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:
- JVN#00846677
- JVN#00846677
- [debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update
- [debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update
- [mailman-announce] 20180622 Mailman 2.1.27 released
- [mailman-announce] 20180622 Mailman 2.1.27 released
- GLSA-201904-10
- GLSA-201904-10
- USN-4348-1
- USN-4348-1
- DSA-4246
- DSA-4246
Published: 2018-07-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
- https://bugs.launchpad.net/mailman/+bug/1780874
- https://bugs.launchpad.net/mailman/+bug/1780874
- [debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update
- [debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update
- GLSA-201904-10
- GLSA-201904-10
- USN-4348-1
- USN-4348-1
- [mailman-users] 20180710 Re: correction: Mailman 2.1.28 Security fix release
- [mailman-users] 20180710 Re: correction: Mailman 2.1.28 Security fix release